A security researcher has discovered that Microsoft Edge will load all your stored passwords into memory in plaintext at startup, making it easy for malware to scrape those passwords.
  • Romkslrqusz@lemmy.zipEnglish
    31·
    2 days ago

    Access to browser data as described in the reported scenario would require the device to already be compromised.

    Encrypting passwords / loading them into memory on an as-requested basis limits the scope of what gets compromised on a compromised device. The “performance” insinuation in the article is BS, other browsers autofill just fine without keeping all passwords plaintext in memory.

    With this vulnerability, scam artists will be able to harvest all of a user’s passwords within a minute of connecting. Older folks fall for these types of scams all the time.

    By Microsoft logic, you may as well leave a safe unlocked since access to its contents would require that your home have been compromised already.

    • OwOarchist@pawb.socialEnglish
      10·
      1 day ago

      Access to browser data as described in the reported scenario would require the device to already be compromised.

      Ah, so you’re perfectly fine as long as your device is never compromised.

      Don’t worry about the missing fire extinguisher bro, that’s only important if the building is already on fire.

  • Godort@lemmy.caEnglish
    22·
    2 days ago

    Safety and security are foundational to Microsoft Edge. Access to browser data as described in the reported scenario would require the device to already be compromised.

    Good thing that devices never get compromised. This would be a really big problem otherwise.

    • Mihies@programming.devEnglish
      11·
      1 day ago

      Nope. Chromium is web engine, it doesn’t handle passwords, that’s all on implementation of the app. That said, Chrome is much better protecting passwords.